Daemon start problems
Stephen Quinney
squinney at inf.ed.ac.uk
Tue Dec 13 11:50:43 UTC 2011
On Tue, Nov 29, 2011 at 11:20:35AM -0500, Steve Grubb wrote:
> On Tuesday, November 22, 2011 05:52:32 AM Stephen Quinney wrote:
> > However, I'm struggling to debug why it is failing each time. All I get back from
> > the daemon is an exit code of 1, this seems to mean "generic or unspecified error",
> > and no useful error messages so I'm a bit stuck on what to do next.
> >
> > Any suggestions?
>
> Have you looked in syslog? Generally the audit daemon writes about any problem it runs
> into there.
>
I have finally tracked down what was going on here. The daemon only
fails to start at boot time when the action_mail_acct configuration
option is set. A look in the audit_config.c code reveals that the
email address is passed through the validate_email() function which
uses gethostbyname() to check the host. Although the network is up
before auditd starts, at that point in the boot sequence there are no
reachable DNS servers. This is due to a local configuration oddity
with the resolv.conf file. Moving auditd to later in the boot sequence
resolves the problem.
Stephen Quinney
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
More information about the Linux-audit
mailing list